How to Use sAMAccountName and userPrincipalName at Same Time for User Logon with Active Directory

Article ID: CTX207284

Description

This article describes how to use sAMAccountName and userPrincipalName at the same time for user logon with Active Directory.

Background

When authenticating with LDAP for NetScaler Gateway or any other resource behind the NetScaler, users can log on only with 'domain\username' or 'username'. Logging on with an email ID such as 'username@domain.com' does not work. Changing the 'Server logon name attribute' (found in AUTHENTICATION > DASHBOARD > SERVER > EDIT on the LDAP server profile) to userPrincipalName allows logon with 'username@domain.com', but then 'domain\username' stops working. This article helps you authenticate users regardless of whether the end user enters 'sAMAccountName' or 'userPrincipalName'.

Instructions

Create two LDAP server profiles pointing to the same LDAP server IP. All configuration values should be the same in both profiles except one: the Server logon name attribute. One profile uses 'sAMAccountName' and the other uses 'userPrincipalName'.

Now, when the user logs in with 'domain\username', they are authenticated by the LDAP profile using 'sAMAccountName'. When they use their email ID, they are authenticated by the other LDAP profile.

To learn how to create and bind LDAP authentication profiles, follow the instructions in this article: https://support.citrix.com/article/CTX108876
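
The two-profile setup described above, written as NetScaler CLI commands. This is an added example, not configuration from the original article: the object names, IP address, base DN, bind account, LDAPS port and virtual server name are placeholders, and it assumes classic LDAP policies bound to a NetScaler Gateway virtual server.

```netscaler
# Added example. Every name, address and DN below is a placeholder.
# LDAPS on port 636 is assumed; keep whatever transport and port your
# existing profile uses, as long as both profiles match.

# Profile 1: looks the user up by sAMAccountName
add authentication ldapAction ldap_sam -serverIP 192.0.2.10 -serverPort 636 -secType SSL -ldapBase "DC=example,DC=com" -ldapBindDn "svc_netscaler@example.com" -ldapBindDnPassword <bind-password> -ldapLoginName sAMAccountName -groupAttrName memberOf -subAttributeName cn

# Profile 2: identical except for -ldapLoginName
add authentication ldapAction ldap_upn -serverIP 192.0.2.10 -serverPort 636 -secType SSL -ldapBase "DC=example,DC=com" -ldapBindDn "svc_netscaler@example.com" -ldapBindDnPassword <bind-password> -ldapLoginName userPrincipalName -groupAttrName memberOf -subAttributeName cn

# One classic policy per profile
add authentication ldapPolicy pol_ldap_sam ns_true ldap_sam
add authentication ldapPolicy pol_ldap_upn ns_true ldap_upn

# Bind both policies to the same virtual server at different priorities
bind vpn vserver vs_gateway -policy pol_ldap_sam -priority 100
bind vpn vserver vs_gateway -policy pol_ldap_upn -priority 110

# Confirm that the two profiles differ only in the logon name attribute
show authentication ldapAction ldap_sam
show authentication ldapAction ldap_upn
```

The policies are evaluated in priority order, so a logon that does not match the first profile is tried against the second.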

Additional Information

https://support.citrix.com/article/CTX108876